Security Audit
IT and information security have become company critical factors. The targeted and regular search and elimination of vulnerabilities within technical and organizational security concepts should, therefore, be an integral part of the security politics in every company.
SCHUTZWERK GmbH is highly specialized in the realization of different types of IT security audits:
SCHUTZWERK GmbH is highly specialized in the realization of different types of IT security audits:
IT Global
Infrastructure
(Web) Applications
End Points
Wireless Systems
Embedded Systems
Employees & Building
Basic Phases of Security Audits
1Kick-off Meeting
-
Explanation of the object of investigation
(Depending on the method: white box/ black box/ grey box)
-
Definition of relevant risk scenarios & main areas of examination
-
Clarification of technical & legal guidelines
-
Definition of project procedures, contacts, responsible parties & time limits
2Project Preparations
-
Compulsory scheduling & resource planning
-
Update of examination tools
3Information Gathering
-
Internet research
-
Footprinting/ enumeration
IP-Range scanning/ determination of attack surface/ Crawling/ Spidering
-
Observation of buildings
(Physical access control audit)
4Analyse & Verification
-
Analysis of the objects of investigation regarding vulnerabilities
-
Verification of identified vulnerabilities through direct attacks
(Scope and aggressiveness depends on the type of audit)
5Creation of a Report
-
Detailed documentation of the procedures and results
-
Risk analysis of identified vulnerabilities
-
Creation of a catalog of prioritized countermeasures
6Presentation of Results
-
Creation of target group specific presentations
-
Explanation of the audit and the results
-
Explanation and discussion of the measures
